[ECP-9878] Authorize the payment upon the API response handling

[candemiralp]

Description

This PR allows payment authorization after completing /payments or /payments/details call immediately if the resultCode: Authorised.

The logic in the AuthorizationWebhookHandler still exists and acts as a fallback.

With this implementation, order state is moved to processing or adyen_authorized based on the capture mode immediately.

Tested scenarios

• Card payments
• 3DS2 card payments
• 3DS2 card payments refusal
• Partial payments with SVS + Visa
• Wallet payments (Google Pay)

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant refactoring of the payment authorization flow within the Adyen module. The primary goal is to centralize and standardize how payments are authorized, whether initiated by webhooks or direct API responses. By introducing a dedicated AuthorizationHandler and decoupling payment processing logic from the Notification object, the codebase becomes more modular, maintainable, and robust. This change ensures consistent authorization behavior across different payment initiation points and simplifies future development.

Highlights

• Centralized Authorization Logic: Introduced a new AuthorizationHandler class to encapsulate and centralize the logic for authorizing payments, creating order payments, handling invoices, and updating order details.
• Decoupled Payment Processing: Refactored several helper methods (createAdyenOrderPayment, createInvoice, updatePaymentDetails, finalizeOrder) to accept explicit payment parameters (PSP reference, amount, currency, payment method) instead of relying on a Notification object, improving modularity.
• Streamlined Webhook Handling: The AuthorisationWebhookHandler was simplified by delegating core authorization processes to the new AuthorizationHandler, removing redundant logic for auto-capture, manual capture, and Boleto-specific status handling.
• Post-Order Placement Authorization: Added a new observer, AuthorizeAfterOrderPlacement, to ensure payments are authorized correctly after an order is placed, leveraging the new AuthorizationHandler.
• API Response Authorization: Integrated the AuthorizationHandler into PaymentResponseHandler to authorize payments directly upon receiving an AUTHORISED result code from API responses.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• Helper/AdyenOrderPayment.php
  • Modified createAdyenOrderPayment method signature to accept explicit payment details (PSP reference, payment method, amount value, amount currency) instead of a Notification object.
  • Updated the merchantReference to use order->getIncrementId() directly.
  • Changed captureStatus constant reference from Payment to OrderPaymentInterface.
  • Adjusted error logging to use order->getIncrementId() for merchant reference.
• Helper/Invoice.php
  • Modified createInvoice method signature to accept explicit payment details (PSP reference, amount value) instead of a Notification object.
  • Updated logging contexts to use pspReference and order->getIncrementId() directly.
  • Changed invoice->setTransactionId to use the passed pspReference.
  • Updated value for offline invoice creation to use the passed amountValue.
  • Simplified error and warning messages.
• Helper/Order.php
  • Modified updatePaymentDetails method signature to accept pspReference directly instead of a Notification object.
  • Updated setCcTransId, setLastTransId, and setTransactionId to use the passed pspReference.
  • Modified finalizeOrder method signature to accept pspReference and amount directly instead of a Notification object.
  • Removed Boleto-specific status handling logic (getBoletoStatus) and the addProcessedStatusHistoryComment call.
  • Updated logging contexts to use pspReference and order->getIncrementId().
• Helper/PaymentMethods.php
  • Removed the getBoletoStatus method, which handled Boleto-specific overpaid/underpaid status logic.
• Helper/PaymentResponseHandler.php
  • Added AuthorizationHandler as a dependency.
  • Integrated AuthorizationHandler::execute to authorize payments when resultCode is AUTHORISED in handlePaymentsDetailsResponse.
• Helper/Webhook/AuthorisationWebhookHandler.php
  • Refactored constructor dependencies, removing AdyenOrderPayment, CaseManagement, Invoice, PaymentMethods helpers and adding AuthorizationHandler and AdyenOrderPayment resource model.
  • Converted class to readonly.
  • Significantly refactored handleSuccessfulAuthorisation to delegate all core authorization logic to the new AuthorizationHandler.
  • Removed markPaymentCapturedIfNeeded, sendOrderMailIfNeeded, createCashShipmentIfNeeded, handleAutoCapture, and handleManualCapture methods, as their logic is now centralized in AuthorizationHandler.
  • Added a fallback mechanism to ensure order payment is created during webhook handling if not already present.
• Helper/Webhook/CaptureWebhookHandler.php
  • Modified finalizeOrder call to pass pspReference and amountValue explicitly instead of the Notification object.
• Helper/Webhook/ManualReviewAcceptWebhookHandler.php
  • Modified finalizeOrder call to pass pspReference and amountValue explicitly instead of the Notification object.
• Model/AuthorizationHandler.php
  • Added a new class AuthorizationHandler to centralize payment authorization logic.
  • Contains execute method that orchestrates the creation of adyen_order_payment entries, updates payment details, handles auto-capture (creating invoices, finalizing orders), and manual capture (marking for review or adding comments).
  • Includes private helper methods handleAutoCapture, handleManualCapture, and sendOrderMailIfNeeded.
• Observer/AuthorizeAfterOrderPlacement.php
  • Added a new observer AuthorizeAfterOrderPlacement that listens to the checkout_submit_all_after event.
  • Retrieves stored payment responses for the order.
  • If an AUTHORISED payment response is found, it uses the AuthorizationHandler to process the authorization, ensuring the order state is correctly updated.
• Test/Unit/Helper/PaymentMethodsTest.php
  • Removed unit tests for the getBoletoStatus method, as the method itself was removed.
• etc/events.xml
  • Added a new observer adyen_authorize_payment_after_order_placement for the checkout_submit_all_after event.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a significant and beneficial refactoring by creating a central AuthorizationHandler to manage payment authorization logic. This change improves code structure by consolidating logic that was previously distributed across various helpers, and it decouples components from the Notification object. While the overall direction is positive, I have identified a couple of important issues. There appears to be a regression where functionality for handling overpaid and underpaid Boleto payments has been removed. Additionally, the new AuthorizeAfterOrderPlacement observer contains some unsafe array accesses that could lead to errors. I've added specific comments with suggestions to address these points.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
94.5% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud